TQL has been Hacked
May. 10th, 2011 11:02 pm![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
momentsgoneby.livejournal.com posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
getithereHi!
I’m one of the True Queer Love administrators.
Unfortunately, Google and I both discovered harmful code on our site about the same time and as a result Google users now see the warning page some of you have already came across when attempting to visit pages within the site. To be on the safe side I have also locked down the entire site and am at the moment the only one that can enter the site while we’re working on correcting the problem.
So what has happened?
Short and simple? We’ve been hacked.
So what is the problem?
The hackers have inserted malicious code to the site and as a result it, when visited, may infect your computer with malware.
I visit TQL every now and then and this sounds pretty bad, what should I do?
Hopefully it was caught before it had time to do all that much harm, but I would still recommend anyone that has visited TQL in the last two weeks to do one or more scans of their systems, just to be on the safe side.
Use your regular anti-virus program, but remember that it is always a good idea to scan with one or two more programs as all anti-viruses are created as a reaction to harmful code and the results of a scan often varies from program to program.
If you don’t have an anti-virus program installed you can get trial versions here:
F-secure: https://my.f-secure.com/en/home/-/subscribe/GLOBAL/FCA1/trial
Avast!: http://www.avast.com/en-au/download-trial
Kaspersky: http://www.kaspersky.com/trials
McAfee: http://home.mcafee.com/store/free-antivirus-trials?ctst=1
Norton: http://us.norton.com/downloads/trialsoftware/index.jsp
A normal Google search can give you more choices if you so wish.
In addition I’d recommend to scan with one or both below just to be sure:
Ad-Aware: http://www.lavasoft.com/products/ad_aware_free.php
Spybot - Search & Destroy: http://spybot-search-destroy.en.softonic.com/
Is there and estimate when TQL will be back up?
At this moment there is no way of saying for sure when we’ll be back up. It can be as early as in a couple of hours and as late as next week.
In order to not lose anything, our first attempt is to clean all code and since this is quite a lot of code and we really don’t want to take any chances and miss anything harmful, however small, and we all have other obligations (life) this may take some time.
However, if this fails there are plenty of backups that we can use. The amount of loss that comes with using one of these backups depends on when the last absolutely clean one was made and we would prefer not to have to use this alternative unless necessary.
In addition we will review the security to try preventing this from happening again before we reopen our doors.
I’ve been meaning to inform everyone all day, but have had to wait for all scans of my own computers to be cleared as to be sure that I by connecting to the internet would not pass anything on.
I am so sorry for not being able to get the information out earlier and apologize for that, the inconvenience of having to perform multiple scans of own computer and for anyone that may have gotten any malware by visiting TQL.
We are truly sorry if any of our users have had their computers infected when visiting us and hope that you will be patient with us while we work on getting the site back up.
If you, for whatever reason, want to contact us administrators you can reach us at info[at]truequeerlove.com or if you want to reach me directly you can do so at momentsgoneby[at]truequeerlove.com
We will, as always, answer as soon as possible.
/Nickie
Posted with moderators permission
I’m one of the True Queer Love administrators.
Unfortunately, Google and I both discovered harmful code on our site about the same time and as a result Google users now see the warning page some of you have already came across when attempting to visit pages within the site. To be on the safe side I have also locked down the entire site and am at the moment the only one that can enter the site while we’re working on correcting the problem.
So what has happened?
Short and simple? We’ve been hacked.
So what is the problem?
The hackers have inserted malicious code to the site and as a result it, when visited, may infect your computer with malware.
I visit TQL every now and then and this sounds pretty bad, what should I do?
Hopefully it was caught before it had time to do all that much harm, but I would still recommend anyone that has visited TQL in the last two weeks to do one or more scans of their systems, just to be on the safe side.
Use your regular anti-virus program, but remember that it is always a good idea to scan with one or two more programs as all anti-viruses are created as a reaction to harmful code and the results of a scan often varies from program to program.
If you don’t have an anti-virus program installed you can get trial versions here:
F-secure: https://my.f-secure.com/en/home/-/subscribe/GLOBAL/FCA1/trial
Avast!: http://www.avast.com/en-au/download-trial
Kaspersky: http://www.kaspersky.com/trials
McAfee: http://home.mcafee.com/store/free-antivirus-trials?ctst=1
Norton: http://us.norton.com/downloads/trialsoftware/index.jsp
A normal Google search can give you more choices if you so wish.
In addition I’d recommend to scan with one or both below just to be sure:
Ad-Aware: http://www.lavasoft.com/products/ad_aware_free.php
Spybot - Search & Destroy: http://spybot-search-destroy.en.softonic.com/
Is there and estimate when TQL will be back up?
At this moment there is no way of saying for sure when we’ll be back up. It can be as early as in a couple of hours and as late as next week.
In order to not lose anything, our first attempt is to clean all code and since this is quite a lot of code and we really don’t want to take any chances and miss anything harmful, however small, and we all have other obligations (life) this may take some time.
However, if this fails there are plenty of backups that we can use. The amount of loss that comes with using one of these backups depends on when the last absolutely clean one was made and we would prefer not to have to use this alternative unless necessary.
In addition we will review the security to try preventing this from happening again before we reopen our doors.
I’ve been meaning to inform everyone all day, but have had to wait for all scans of my own computers to be cleared as to be sure that I by connecting to the internet would not pass anything on.
I am so sorry for not being able to get the information out earlier and apologize for that, the inconvenience of having to perform multiple scans of own computer and for anyone that may have gotten any malware by visiting TQL.
We are truly sorry if any of our users have had their computers infected when visiting us and hope that you will be patient with us while we work on getting the site back up.
If you, for whatever reason, want to contact us administrators you can reach us at info[at]truequeerlove.com or if you want to reach me directly you can do so at momentsgoneby[at]truequeerlove.com
We will, as always, answer as soon as possible.
/Nickie
Posted with moderators permission
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2011-05-10 09:29 pm (UTC)(also, my apologies for misspelling your name in the other post. I have a friend who spells her name with the double Ks and it's just habit to type it that way.)
no subject
Date: 2011-05-12 07:09 pm (UTC)It’s all clean now, security updates have been done, but I still have to add some of our custom coding and Google has to do another sweep and give the green light. I’ll probably run a bunch of tests first to ensure everything works as it should as well and if life allows me the time we’ll soon be back up again.
No worries about the name, I’m more surprised when people do get it right and I’m not all that touchy about it. Especially since, though most people call me Nickie IRL, it’s just a nickname.
/Nickie
no subject
Date: 2011-05-10 11:28 pm (UTC)Does someone have something against QAF today??
no subject
Date: 2011-05-10 11:57 pm (UTC)no subject
Date: 2011-05-12 07:19 pm (UTC)How’s the cleaning up after it going? Want to compare notes and see if it’s the same?
If it is one of us might have found/done something the other did not think of yet.
Looks like we’re all clean now, security updates have been done, but I still have to add some of our custom coding and Google has to do another sweep and give the green light. I’ll probably run a bunch of tests first to ensure everything works as it should as well and if life allows me the time we’ll soon be back up again. I’m just hoping life in general will cooperate with my plan. That and Google.
/Nickie
no subject
Date: 2011-05-12 07:48 pm (UTC)I checked with various websites and my website was clean. I just downloaded all of my files and I'm going to update my Coppermine gallery. I'm basically deleting everything and just adding it back slowly to make sure that I haven't missed anything.
Then I'll submit to Google and see what they say. There really isn't anything more I can do. Are there any other steps that you've taken that I haven't?
no subject
Date: 2011-05-14 02:31 am (UTC)/Nickie
no subject
Date: 2011-05-14 06:51 am (UTC)